Hello,I hadn't used my Xbox for a few months, I powered it up and not unsurprisingly it wanted to perform an update. I accepted this, the download bar appeared and moved across one block then failed with this error code: 3F4B - 0000 - 3080 - 0300 - 8007 - 2746.I followed the troubleshooting guide and have tried installing again, clearing the system cache, have plenty of storage space and have tried re-inserting all storage devices. I then tried installing the update from USB which successfully extracted and hasupdated my dashboard etc. However when the Live sign in occurs I now get this error message (but no error code): 'Update Failed; A system update is required to sign in to Xbox LIVE, but the update is currently unavailable.' I have been through this with Microsoft support and they decided to take my Xbox in for repair to apply the update, however it has come back and is doing exactly the same. I have power cycled my router and all other equipment, also tried changing my DNSservers for the Xbox to Google's 8.8.8.8/4.4.4.4.I contacted Microsoft support again and they intend for this to be escalated to a hardware specialist, however it doesn't feel like a hardware problem as games work offline without a problem, it's just signing in to Xbox Live which isn't working. With thatin mind I include the connection test error status report in the hope that someone can tell me what the numbers mean!
I've found others with similar error codes on here but no conclusive answers.Many thanks. What Country/State/Province do you live in? United KingdomModem brand & model number: World Wide Packets LightningEdge 46Router brand & model number: Cisco 2821Is UPnP Enabled?
NoDo you have a NAT error? NoWho is your ISP(Internet Service Provider)? VirginAfter you run 'Test Xbox LIVE connection' press “Y” for 'More Info”. In the pop-up that appears, what are the following values, if shown? (If a value below does not appear for you, just leave it blank.)W: 0000 - 000BX: 0000 - F009Y: 20A8 - 48E0Z: 0000 - 0000ID: 0006 - 0000L: 8015 - 192AQ: 8007 - 0435T: WiredD: 8.8.8.8/4.4.4.4.
On Wed, Jan 6, 2010 at 7:19 PM, Dobbins, Roland wrote: Which goes to show that they just really don't get it when it comes to security. Maybe they should look here at all the entries for 'default credentials':Roland, this isn't the home wi-fi market we're talking about. Anyonethat's going to buy one of these puppies is going to have a clue aboutputting their password in.
BTW: You have to be on the console or themanagement port on them to use the default password (ok, you could geton the right VLAN too.) Problem solved, except for those cases wherethe operator is a total idiot. Trust me, the shop I'm working forisn't that way, not with the size of the roll-out we're doing (25k+switches.)I liked what you said about firewalls vs. Servers but, to be honest, inthis thread you're really beating a dead horse.-Joe-Joe Hamelin, W7COM, Tulalip, WA, 360-474-7474.
On Wed, Jan 6, 2010 at 7:19 PM, Dobbins, Roland wrote: Which goes to show that they just really don't get it when it comes to security. Maybe they should look here at all the entries for 'default credentials': Roland, this isn't the home wi-fi market we're talking about.
Anyone that's going to buy one of these puppies is going to have a clue about putting their password in.You apparently missed the recent thread on NANOG where this guy was askingfor some help with 'Default Passwords for World Wide Packets/Lightning EdgeEquipment'. Apparently not everyone has the 'clue' you expect them to. JG-Joe Greco - sol.net Network Services - Milwaukee, WI -'We call it the 'one bite at the apple' rule. Give me one chance and then Iwon't contact you again.' - Direct Marketing Ass'n position on e-mail spam(CNN)With 24 million small businesses in the US alone, that's way too many apples. On Wed, Jan 06, 2010 at 10:45:32PM -0600, Joe Greco wrote: On Wed, Jan 6, 2010 at 7:19 PM, Dobbins, Roland wrote: Which goes to show that they just really don't get it when it comes to security.?Maybe they should look here at all the entries for 'default credentials': Roland, this isn't the home wi-fi market we're talking about.
Anyone that's going to buy one of these puppies is going to have a clue about putting their password in. You apparently missed the recent thread on NANOG where this guy was asking for some help with 'Default Passwords for World Wide Packets/Lightning Edge Equipment'. Apparently not everyone has the 'clue' you expect them to.To be fair, he was just asking about factory resetting the device becausethe current password was unknown, then reconfiguring the device (I'm willingto be generous and assume that the reconfiguration included setting a new,secure password).- Matt. On Wed, Jan 06, 2010 at 10:45:32PM -0600, Joe Greco wrote: On Wed, Jan 6, 2010 at 7:19 PM, Dobbins, Roland wrote: Which goes to show that they just really don't get it when it comes to security.?Maybe they should look here at all the entries for 'default credentials': Roland, this isn't the home wi-fi market we're talking about. Anyone that's going to buy one of these puppies is going to have a clue about putting their password in.
You apparently missed the recent thread on NANOG where this guy was asking for some help with 'Default Passwords for World Wide Packets/Lightning Edge Equipment'. Apparently not everyone has the 'clue' you expect them to. To be fair, he was just asking about factory resetting the device because the current password was unknown, then reconfiguring the device (I'm willing to be generous and assume that the reconfiguration included setting a new, secure password).But that's my point. Someone who is presumably reasonably clueful hada problem determining what a predefined default password for a givendevice is.
If it's difficult to determine THAT, what sort of chancedoes an engineer/admin have when he doesn't even possess the manual forthe device, and it requires some more clever and sophisticated serial-number based method?The fact that someone has purchased some extremely expensive device doesnot guarantee that the next guy who has to run it will magically be ableto figure it all out. JG-Joe Greco - sol.net Network Services - Milwaukee, WI -'We call it the 'one bite at the apple' rule. Give me one chance and then Iwon't contact you again.' - Direct Marketing Ass'n position on e-mail spam(CNN)With 24 million small businesses in the US alone, that's way too many apples. Matthew Palmer mpalmer@hezmatt.org To be fair, he was just asking about factory resetting the device because the current password was unknown, then reconfiguring the device (I'm willing to be generous and assume that the reconfiguration included setting a new, secure password).Thank you - You're correct. The administration and security of these devices is hardly magic - but one has to be able to access them in order to secure them. The devices haven't even left my hotel room for the production site, and you would already be SOL if you didn't have access to the either the (management interface AND the Very Long Password) or the (reset button AND the management interface AND (the default password)).Dobbins, Roland rdobbins@arbor.net Which goes to show that they just really don't get it when it comes to security.So are you specifically opposed to globally default passwords, or are you opposed to being able to reset a device to factory defaults and somehow get into the device?
World Wide Packets Lightning Edge 46 Manually Tv
Because while I still maintain there's no real security issue with the former (if there is, there's a bigger issue), all that I'm really gung ho for is the ability to get into a piece of equipment I need to operate, even if I don't have credentials to it.Nothing grinds my gears more than equipment that has to be thrown out because there is no recovery mechanism. I frankly don't much care if the default password on my WWP LE427 is 'wwp' or 'wwpserial-number-which-is-printed-on-the-back' - as long as I can get it so I can get in and change it, I'm happy.Steven Bellovin smb@cs.columbia.edu And we all suffer from p0wned devices, because they get turned into bots. Roland is 100% right.Eh. I think this is confusing cause and effect.
We all suffer, but the fact that a device is compromised because of a default password is, at the root of the chain, the result of a faulty Operator. Why was the password left at default? Why was it possible to access the management interface to utilize the default password? I would argue that the solution is to replace or modify the defective operator, rather than replacing, eliminating, or modifying the tool they misused.Joe Hamelin joe@nethead.com I've been in training with the WWP folks for the last two days (VERY GOOD TRAINING, BTW!) and they got quite a chuckle out of this thread.Are they still around, or are they Ciena employees?
My understanding was that they were completely acquired. If you got some serious layer 2 stuff to do, these boxes have a really interesting architecture and some trick features (unix type shell, for one.)Yep, they're rock solid devices. Every deployment I've seen of them as worked very well. Ciena certainly got a good deal out of buying them!
I'm actually not sure how much of the WWP gear is still manufactured.Thank you all again for helping me sort out what the factory default WWP passwords are so that I can now have a secure and documented deployment out here! I've received a couple offers of technical assistance from WWP veterans that I may well take up moving forward.Best Regards,Nathan Eisenberg. On Thu, 7 Jan 2010, Dobbins, Roland wrote: Which goes to show that they just really don't get it when it comes to security.
Maybe they should look here at all the entries for 'default credentials': Actually, should be 'default password'.Default credentials may be a more generic description of the problem(although 'default password' is a better search term). A problem withdefault credentials is history has demonstrated even an expert (i.e.the vendors own technical support) aren't always certain they'vefound and changed every default credential possible on complex devices.Its not just the usual console access, but also snmp protocalspublic/private, http protocols admin, ldap cn=admin, postscript none,decnet mop, and so on. Even if you think you know every possibleprotocol, some vendors have had the habit of adding new protocols inupdates with its own set of defaults for new remote access protocols.Multiple protocols, using multiple authorization sources, with defaults.Its not a suprise why old-timers get annoyed with vendor gear withdefault remote access methods enabled before the user configured theaccess credentials for the access method. Eventually you'll get bit bysome device, some protocol, that has something enabled without yourknowledge. If you require your vendors not to ship stuff with remoteaccess enabled by default, its not a substitute for your own duedilgence, but in practice it helps reduce unexpected incidents.
On Jan 6, 2010, at 11:38 PM, Joe Hamelin wrote: On Wed, Jan 6, 2010 at 7:19 PM, Dobbins, Roland wrote: Which goes to show that they just really don't get it when it comes to security. Maybe they should look here at all the entries for 'default credentials': Roland, this isn't the home wi-fi market we're talking about. Anyone that's going to buy one of these puppies is going to have a clue about putting their password in.Again, look at - while consumer devices were much worse, there was a noticeable problem on enterprise devices and a significant problem with VoIP devices, and I suspect that those latter are largely enterprise-based.-Steve Bellovin. On Wed, 06 Jan 2010 18:24:26 -0500, Jeffrey I. Schiller wrote: An option I saw years ago (I forgot on whose equipment) was a default password which was a function of the equipment's serial number.
So you had to have the algorithm and you needed the serial number which was not related to the MAC. So if you didn't have physical access, you were not in a good position to learn the password.Gadzoox used to do that. The management modules for their hubs hadfactory set random passwords. It's provided on a sticker with the card,so you can put it where you want - just don't lose it, because that'sonly place it exists (without breaking out a JTAG debugger.)Yes, their later gear has standard default passwords.-Ricky. On Wed, 06 Jan 2010 19:13:28 -0500, Nick Hale wrote: I think the vendor you're thinking of was Cabletron (now Enterasys). I had to call them and give them the Serial Number for them to provide me with the default password to the system after a hard reset (this was for an ELS100-24TXG 'switch').And their CPE gear had a 5 minute password reset window after power on.We hated the customers who'd figured that out.While we're on the subject, a lot of leibert gear has a dip switch/jumperblock to turn passwords off entirely.
(of course, that requires physicalaccess and a power cycle.)-Ricky. While we're on the subject, a lot of leibert gear has a dip switch/jumper block to turn passwords off entirely. (of course, that requires physical access and a power cycle.)So do a lot of HP/Compaq servers with integrated lights out management.Don't think you even need to power cycle (whether you're brave enough togo poking around the deep innards of an energized server is anothermatter). I know the DIP switch on older DL385's is a micro DIP switchand it's inconveniently located in the middle of the server behind somestuff.The good part is that you can clear out unknown passwords as long as youhave access to the chassis innards. The bad part is that I've seen theseleft in password bypass mode (though the BIOS thoughtfully warns you ofthe status if you do that). JG-Joe Greco - sol.net Network Services - Milwaukee, WI -'We call it the 'one bite at the apple' rule. Give me one chance and then Iwon't contact you again.'
- Direct Marketing Ass'n position on e-mail spam(CNN)With 24 million small businesses in the US alone, that's way too many apples. A password recovery method I've found very frustrating is to use theserial number or similar value that's on a label on the bottom of theequipment. On Tue, 12 Jan 2010 17:50:37 PST, Bill Stewart said: A password recovery method I've found very frustrating is to use the serial number or similar value that's on a label on the bottom of the equipment.Related pet peeve: Inventory and asset control people that stick a sticker onhardware and then expect to be able to scan the barcode at a later date. Worksfine if the barcode sticker actually ends up facing the front or the back ofthe rack. But occasionally, the sticker ends up stuck on an empty space on theprinted circuit board of a upgrade blade that's plugged into a chassis.
On January 12, 2010 at 23:03 Valdis.Kletnieks@vt.edu (Valdis.Kletnieks@vt.edu) wrote: On Tue, 12 Jan 2010 17:50:37 PST, Bill Stewart said: A password recovery method I've found very frustrating is to use the serial number or similar value that's on a label on the bottom of the equipment. Related pet peeve: Inventory and asset control people that stick a sticker on hardware and then expect to be able to scan the barcode at a later date. Works fine if the barcode sticker actually ends up facing the front or the back of the rack. But occasionally, the sticker ends up stuck on an empty space on the printed circuit board of a upgrade blade that's plugged into a chassis.Sounds like RFID FTW!Actually, I have no idea if it'd work, maybe someone else does. Seemslike it'd be nice to be able to just wand a rack and poof out comes alist of everything in it.-Barry SheinThe World bzs@TheWorld.com Purveyors to the Trade Voice: 800-THE-WRLD Dial-Up: US, PR, CanadaSoftware Tool & Die Public Access Internet SINCE 1989.oo. We have an internally written app that allows us to either find where inthe data center a server is, or pull up a rack and see what's in it. Itwouldn't be a very big leap to assign each rack a bar code and have an app(you could even write it as a smartphone app) that scans the bar code andlooks up what's in the rack.
Jeffrey S Chase
Of course, without access to (authenticationis required) the web app front end for the database of what's where, justscanning the bar code wouldn't get you anything but a rack serialnumber.so you don't have to worry about random people scanning the rackbar code.BTW.a friend who works for a mostly failed.com patented something likethis some years ago. -Original Message- From: Matt Simmons mailto:standalone.sysadmin@gmail.com Sent: Wednesday, January 13, 2010 9:55 AM To: Barry Shein Cc: nanog@nanog.org; Bill Stewart Subject: Re: Default Passwords for World Wide Packets/Lightning Edge Equipment That would be excellent for both the administrator, and anyone walking down the row with a wand in their pocket.I'm not sure there's an attack vector utilizing inventory ID numbers. Even if there is, they can just as easily scan a barcode or read a label from that distance, so I'm not sure there's a huge difference.Best Regards,Nathan Eisenberg. There seem to be a lot of misconceptions about RFID tags. On Jan 13, 2010, at 1:45 PM, Barry Shein wrote: There seem to be a lot of misconceptions about RFID tags. I'm hardly an expert but I do know this much: RFID tags are generic, you don't put data into them unique to your application.Part of the original (or at least early) context for this thread was recovery of default passwords. If the password is F(ser#), it's only learnable if you know both F and ser#.
The vendor knows F - who knows ser#? If it's in an RFID tag, or is DBlookup(tag#,vendordb), being able to read this admittedly-arbitrary number may indeed be a threat.-Steve Bellovin. Not if you change the default password like any sane admin does.-Original Message-From: Steven Bellovin mailto:smb@cs.columbia.eduSent: Wednesday, January 13, 2010 11:26 AMTo: Barry SheinCc: nanog@nanog.org; nonobvious@gmail.comSubject: Re: Default Passwords for World Wide Packets/Lightning Edge EquipmentOn Jan 13, 2010, at 1:45 PM, Barry Shein wrote: There seem to be a lot of misconceptions about RFID tags.
I'm hardly an expert but I do know this much: RFID tags are generic, you don't put data into them unique to your application.Part of the original (or at least early) context for this thread was recovery of default passwords. If the password is F(ser#), it's only learnable if you know both F and ser#.
The vendor knows F - who knows ser#? If it's in an RFID tag, or is DBlookup(tag#,vendordb), being able to read this admittedly-arbitrary number may indeed be a threat.-Steve Bellovin.